npm - @clear-capabilities/agentic-security-scanner - Versions diffs - 0.77.0 → 0.78.0 - Mend

@clear-capabilities/agentic-security-scanner 0.77.0 → 0.78.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/bin/.agentic-security/findings.json +1907 -0
package/bin/.agentic-security/last-scan.json +1907 -0
package/bin/.agentic-security/last-scan.json.sig +1 -0
package/bin/.agentic-security/scan-history.json +115 -0
package/bin/.agentic-security/streak.json +20 -0
package/bin/agentic-security.js +33 -2
package/dist/178.index.js +1 -1
package/dist/384.index.js +1 -1
package/dist/637.index.js +1 -1
package/dist/718.index.js +106 -0
package/dist/824.index.js +126 -0
package/dist/838.index.js +1 -1
package/dist/agentic-security.mjs +32 -32
package/dist/agentic-security.mjs.sha256 +1 -1
package/package.json +3 -3
package/src/.agentic-security/findings.json +82642 -0
package/src/.agentic-security/last-scan.json +82642 -0
package/src/.agentic-security/last-scan.json.sig +1 -0
package/src/.agentic-security/scan-history.json +10054 -0
package/src/.agentic-security/streak.json +21 -0
package/src/dataflow/.agentic-security/findings.json +3515 -0
package/src/dataflow/.agentic-security/last-scan.json +3515 -0
package/src/dataflow/.agentic-security/last-scan.json.sig +1 -0
package/src/dataflow/.agentic-security/scan-history.json +702 -0
package/src/dataflow/.agentic-security/streak.json +22 -0
package/src/dataflow/async-sequencing.js +16 -7
package/src/dataflow/builtin-summaries.js +131 -0
package/src/dataflow/catalog.js +107 -0
package/src/dataflow/cross-repo.js +75 -1
package/src/dataflow/engine.js +129 -0
package/src/dataflow/implicit-flow.js +24 -6
package/src/dataflow/stub-aware-filter.js +69 -11
package/src/dataflow/summaries.js +28 -3
package/src/engine-parallel.js +70 -0
package/src/engine.js +165 -15
package/src/ir/.agentic-security/findings.json +3777 -0
package/src/ir/.agentic-security/last-scan.json +3777 -0
package/src/ir/.agentic-security/last-scan.json.sig +1 -0
package/src/ir/.agentic-security/scan-history.json +771 -0
package/src/ir/.agentic-security/streak.json +21 -0
package/src/ir/index.js +22 -1
package/src/ir/parser-go.js +403 -0
package/src/ir/parser-js.js +2 -0
package/src/ir/parser-php.js +330 -0
package/src/ir/parser-py.helper.py +137 -11
package/src/ir/parser-rb.js +309 -0
package/src/posture/.agentic-security/findings.json +51562 -0
package/src/posture/.agentic-security/last-scan.json +51562 -0
package/src/posture/.agentic-security/last-scan.json.sig +1 -0
package/src/posture/.agentic-security/scan-history.json +650 -0
package/src/posture/.agentic-security/streak.json +20 -0
package/src/posture/calibration.js +14 -0
package/src/posture/triage.js +13 -0
package/src/report/.agentic-security/findings.json +80 -0
package/src/report/.agentic-security/last-scan.json +80 -0
package/src/report/.agentic-security/last-scan.json.sig +1 -0
package/src/report/.agentic-security/scan-history.json +35 -0
package/src/report/.agentic-security/streak.json +22 -0
package/src/report/index.js +23 -2
package/src/sast/.agentic-security/findings.json +5190 -0
package/src/sast/.agentic-security/last-scan.json +5190 -0
package/src/sast/.agentic-security/last-scan.json.sig +1 -0
package/src/sast/.agentic-security/scan-history.json +408 -0
package/src/sast/.agentic-security/streak.json +20 -0
package/src/sast/cache-poisoning.js +77 -0
package/src/sast/comparison-safety.js +73 -0
package/src/sast/db-taint.js +54 -0
package/src/sast/graphql.js +127 -0
package/src/sast/llm-stored-prompt.js +57 -0
package/src/sast/mutation-xss.js +43 -0
package/src/sast/nosql-injection.js +5 -0
package/src/sast/null-byte-injection.js +76 -0
package/src/sast/redos-nfa.js +338 -0
package/src/sast/sensitive-data-logging.js +73 -0
package/src/sast/weak-password-hash.js +77 -0
package/src/sast/weak-randomness.js +100 -0
package/src/sca/.agentic-security/findings.json +1587 -0
package/src/sca/.agentic-security/last-scan.json +1587 -0
package/src/sca/.agentic-security/last-scan.json.sig +1 -0
package/src/sca/.agentic-security/scan-history.json +36 -0
package/src/sca/.agentic-security/streak.json +21 -0
package/src/sca/llm-function-extract.js +107 -0
package/src/sca/vendor-detect.js +91 -0

package/src/dataflow/.agentic-security/scan-history.json ADDED Viewed

@@ -0,0 +1,702 @@
+[
+  {
+    "timestamp": "2026-05-26T15:54:30.242Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:439",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T15:59:57.002Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:459",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:16:54.427Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:42:13.064Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:42:59.107Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:46:50.684Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:47:41.341Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T16:48:31.461Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T17:02:35.530Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T17:05:59.505Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-26T17:11:46.314Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:496",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T00:47:42.438Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:505",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T00:49:00.083Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:508",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T00:52:13.881Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:515",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T00:56:08.313Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:527",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T00:57:22.450Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T02:34:32.799Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T02:44:28.731Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T02:46:28.817Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T02:51:52.901Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T03:01:05.846Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T03:14:22.409Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:06:49.555Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:07:34.195Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:27:55.033Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:28:46.801Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:29:26.721Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  },
+  {
+    "timestamp": "2026-05-27T09:30:02.365Z",
+    "label": "scan",
+    "total": 13,
+    "critical": 0,
+    "high": 0,
+    "medium": 13,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "ssrf-meta-hardcoded:catalog.js:538",
+      "ssrf-meta-hardcoded:exploit-prover.js:33",
+      "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:incremental.js:50",
+      "toctou-fs:incremental.js:68"
+    ]
+  }
+]